Enes Özeser

8 exploits Active since Aug 2020
CVE-2020-23936 WRITEUP CRITICAL WRITEUP
PHPGurukul Vehicle Parking Management System 1.0 - Auth Bypass
PHPGurukul Vehicle Parking Management System 1.0 is vulnerable to Authentication Bypass via "Username: admin'# && Password: (Write Something)".
CVSS 9.8
CVE-2021-27722 EXPLOITDB HIGH python WORKING POC
Nsasoft US LLC SpotAuditor <5.3.5 - Buffer Overflow
An issue was discovered in Nsasoft US LLC SpotAuditor 5.3.5. The program can be crashed by entering 300 bytes of character data into the "Key" or "Name" field while registering.
CVSS 7.5
CVE-2020-35249 EXPLOITDB MEDIUM text WORKING POC
Elkarbackup - XSS
A cross-site scripting (XSS) vulnerability in ElkarBackup 1.3.3 allows attackers to execute arbitrary code via the name parameter to the add client feature.
CVSS 6.1
CVE-2020-27406 EXPLOITDB MEDIUM text WORKING POC
DynPG 4.9.1 - XSS
A cross-site scripting (XSS) vulnerability in DynPG 4.9.1 allows authenticated attackers to execute arbitrary code via the groupname.
CVSS 5.4
CVE-2020-23935 EXPLOITDB CRITICAL text WORKING POC
Kabir Alhasan Student Management System 1.0 - Auth Bypass
Kabir Alhasan Student Management System 1.0 is vulnerable to Authentication Bypass via "Username: admin'# && Password: (Write Something)".
CVSS 9.8
CVE-2020-23934 EXPLOITDB HIGH text WORKING POC
RiteCMS 2.2.1 - Command Injection
An issue was discovered in RiteCMS 2.2.1. An authenticated user can directly execute system commands by uploading a PHP web shell in the "Filemanager" section.
CVSS 8.8
EIP-2026-106242 EXPLOITDB text WORKING POC
Croogo 3.0.2 - 'Multiple' Stored Cross-Site Scripting (XSS)
EIP-2026-106243 EXPLOITDB text WORKING POC
Croogo 3.0.2 - Unrestricted File Upload